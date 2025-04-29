BOSTON, MA, April 29, 2025 (GLOBE NEWSWIRE) -- Today, Object Management Group®️ (OMG®️) published the SPECTRA Core Assertions Metamodel proposed specification (SPECTRA-CA) for public comment. We invite comments from any interested parties on this specification, which OMG has proposed for standardization via our “Request for Comments” process.

This specification is one of four specifications issued for public review and comments, which will ultimately be combined into one System Profile for Effective Cyber Threat-based Risk Assessments (SPECTRA) OMG standard. SPECTRA is a language that describes cyber and cyber-physical systems for risk assessments, cybersecurity assessments, and vulnerability assessments. The other components are SPECTRA for SysML v1, SPECTRA for SysML v2 (which have already completed their public comments phase), and SPECTRA CSV and this SPECTRA Core Assertions Metamodel specification.

System descriptions - including models- consist of many essential artifacts for one or more lifecycle phases. For a cybersecurity assessment, certain artifacts are of essence - for example, what the parts of the system are, how these parts are connected to convey information, what information is being communicated, and what the nature of the parts is. Cybersecurity implies a filter for the level of technical detail compared to other disciplines involved in the system lifecycle. Extracting only the relevant cybersecurity assertions from a larger system description is challenging.

The SPECTRA language - a set of conceptual entities and relations, collectively referred to as Core Assertions for cybersecurity - extends Systems Engineering languages with the means to identify the core entities and their relationships to support the task of interpreting and postprocessing a system description by automated tools and enabling cybersecurity analytics. SPECTRA facilitates ingesting normalized machine-consumable system descriptions into compliant tools for big data analytics in cybersecurity. SPECTRA’s objective is to provide a standard compliance reference for acquisition contracts soliciting models for various assessments, as well as tools and services for performing such assessments automatically

This specification defines the Core Assertions Metamodel part of the SPECTRA standard.

The OMG aims to publish unique, timely standards that provide business value. We are particularly interested in comments regarding this specification's suitability, usability, timeliness, and uniqueness. Please let us know if you are aware of any other publicly available standard that covers the exact requirements or any commercial or industry issues regarding this specification as currently proposed. This is part of our due diligence toward advancing this specification to become a formal international standard.

Anyone can respond to this request for public comments via the form at https://www.omg.org/technology/rfc-form.htm .

Comments are due by 12 May 2025. All public comments will be reviewed when the OMG next meets in June 2025 and considered before we progress into the “Finalization” process to adopt this as a formal OMG specification. Minor comments will be addressed during Finalization.

You can view all the deliverables that make up this specification on our Public Schedule page under “Pending Requests for Comments” or read the specification document itself directly at https://www.omg.org/cgi-bin/doc.cgi?sysa/2025-2-1

